Pix Hack: $600M+ Stolen in Bank Connection Breach

by Archynetys Economy Desk

Sinqia, a company that connects banks to the Pix system, was the target of a hacker attack on Friday afternoon that resulted in the diversion of $670 million, according to sources, a larger amount than initially estimated. Of this total, R$ 630 million was from HSBC and R$ 40 million from the Direct Credit Society. The criminals tried to divert more, over $1 billion, but were stopped by action from the Central Bank (BC).

The episode occurs exactly two months after the fraud at C&M Software, another company responsible for connecting banks and fintechs to the BC's payment system. In the evaluation of experts, the new case involving technology companies exposes gaps that point to the need to improve the system's rules and supervision.

Of the total diverted, R$ 366 million has already been blocked. The teams involved are mobilized to recover the rest of the stolen amount, and the Federal Police is investigating the case. Sinqia is currently without access to the Pix environment.

In a statement, the company said it is investigating the case and working to rebuild the affected systems in a new environment with enhanced monitoring and controls. “Once the environment is rebuilt and we are confident that it is ready to be placed back in operation, the Central Bank will review and approve it before putting it online again.”

Accounts were not affected, says HSBC

HSBC said it has identified financial transactions via Pix in an account belonging to the bank. It added that the operation did not affect customer accounts or funds, as the impact would have occurred exclusively on the provider’s system.

“The bank also clarifies that measures have been taken to block these transactions in the provider’s environment. HSBC reaffirms the commitment to data security and is available to the authorities to collaborate with investigations,” it said.

Artta confirmed the attack in a statement and said that the incident reached accounts that it keeps directly at the BC for interbank settlement, without impact to customers. “There was no attack on the Artta environment or the accounts of our customers,” it said.

Focus on regulation and supervision

In early July, an attack on C&M was facilitated, according to investigators, by an employee of the company who passed credentials on to criminals. In that case, more than $800 million was diverted. Two months after the diversion, the work to review all the resources still continues.

Although the BC system was not invaded in either episode, technicians speaking on condition of anonymity say the attacks put the agency's regulation and supervision problems in evidence, especially due to the chronic reduction of personnel and financial limitations.

The BC's staff has been shrinking drastically in recent years, with retirements and the loss of talent to other agencies or to the private sector. At the same time, the regulator’s responsibilities are increasing due to the growth and diversification of regulated institutions and business models.

Lawyer Aylton Gonçalves, a financial regulation expert, says the new attack shows that people involved in illicit activities seem to have understood two important elements of the market for technology service providers: its concentration, with only seven active companies, and the operational dependence of BC-regulated institutions, considering that many companies need these providers for their business. He stresses that it is important for the BC to advance the supervision and regulation of these companies:

“It is very important that the supervision of these companies is more robust. In addition, it is possible to think about the need for regulation to advance on prevention of cyber fraud and security,” he said.

Some career limitations at the BC, however, can be an obstacle. Pix operates 24 hours a day, seven days a week, but there is no provision for paying for night hours or hours worked on weekends for monitoring. Sources also say it is necessary to review the rules regarding regulated institutions and technology companies, something that likewise requires resources and personnel.

People with knowledge of the subject say that, from a security point of view, the ideal would be for each institution to have its own access to the BC system, but they recognize that this would be unfeasible for smaller companies due to cost. The regulator has a specific network for communication with financial institutions, with strong encryption and based on digital certificates.

Participants connect directly to this network through private links at the institution’s headquarters. In addition, each operation has a unique key, verified by both parties (the BC and the institution).
